Index Index for
Section 3
Index Alphabetical
listing for G
Bottom of page Bottom of
page		 

gss_inquire_cred(3)


NAME

  gss_inquire_cred - Obtain information about credentials.


SYNOPSIS

  #include <gssapi/gssapi.h>

  OM_uint32 gss_inquire_cred(
	  OM_uint32 * minor_status,
	  const gss_cred_id_t cred_handle,
	  gss_name_t * name,
	  OM_uint32 * lifetime,
	  gss_cred_usage_t * cred_usage,
	  gss_OID_set * mechanisms );


PARAMETERS

  minor_status
	  Kerberos 5 error code.

  cred_handle
	  Credentials being queried. If GSS_C_NO_CREDENTIALS is specified,
	  the default initiator credentials are used.

  name	  The principal name whose identity the credentials represent. This
	  name is an internal form name.

	  The storage associated with this name should be freed by the
	  application after use with a call to gss_release_name().

  lifetime
	  The number of seconds remaining in the lifetime of the credentials.
	  If the credentials have expired, a value of zero is returned.
	  Specify NULL for this parameter if this information is not
	  required.

	  This parameter is valid only for initiator credentials. The HP
	  implementation of the GSS-API does not support credentials
	  expiration for acceptor credentials. A value of GSS_C_INDEFINITE is
	  always returned for acceptor credentials.

  cred_usage
	  How the credentials may be used. Specify NULL if this information
	  is not required.

	    ·  GSS_C_BOTH -- Credentials may be used to either initiate or
	       accept security contexts.

	    ·  GSS_C_INITIATE -- Credentials may be used only to initiate
	       security contexts.

	    ·  GSS_C_ACCEPT--  Credentials may be used only to accept
	       security contexts.

  mechanisms
	  Object identifier (OID) set of security mechanisms supported by the
	  credentials. The HP implementation of the GSS-API supports Kerberos
	  5.

	  The storage associated with this OID set should be freed by the
	  application after use with a call to gss_release_oid_set().


DESCRIPTION

  The gss_inquire_cred() function obtains information about credentials. This
  information includes the principal name whose identity the credentials
  represent, the remaining validity period (initiators only), the credentials
  usage, and the security mechanisms supported.

  With Kerberos 5, the credential that is queried is the TGT, not service
  tickets.

  To avoid memory leaks, the application must release the storage associated
  with the name parameter with a call to gss_release_name() after use.
  Similarly, the storage associated with mechanisms OID set must be released
  with a call to gss_release_oid_set().


RETURN VALUES

  GSS_S_CALL_INACCESSIBLE_READ	  01xxxxxx
  GSS_S_CALL_INACCESSIBLE_WRITE	  02xxxxxx
  GSS_S_COMPLETE		  00000000
  GSS_S_DEFECTIVE_CREDENTIAL	  xx0Axxxx
  GSS_S_FAILURE			  xx0Dxxxx
  GSS_S_NO_CRED			  xx07xxxx


SEE ALSO

  Functions:  gss_acquire_cred(3), gss_inquire_cred_by_mech(3),
  gss_release_name(3), gss_release_oid_set(3)

Index Index for
Section 3
Index Alphabetical
listing for G
Top of page Top of
page